what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2010-0624

Status Candidate

Overview

Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.

Related Files

Ubuntu Security Notice USN-2456-1
Posted Jan 8, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2456-1 - Michal Zalewski discovered an out of bounds write issue in the process_copy_in function of GNU cpio. An attacker could specially craft a cpio archive that could create a denial of service or possibly execute arbitrary code. Jakob Lell discovered a heap-based buffer overflow in the rmt_read__ function of GNU cpio's rmt client functionality. An attacker controlling a remote rmt server could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-0624, CVE-2014-9112
SHA-256 | 7f4272feef6a66ff929086843b468985c782176a57765ca3dfe31b71f12b8b84
Gentoo Linux Security Advisory 201311-21
Posted Nov 30, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-21 - A heap-based buffer overflow in cpio might allow a remote rmt server to execute arbitrary code or cause a Denial of Service condition. Versions less than 2.11 are affected.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2010-0624
SHA-256 | ad033b6440ffd791abb4c68830d89b3569db4426500c37f2f7a3efe34d81876a
Gentoo Linux Security Advisory 201111-11
Posted Nov 21, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201111-11 - A buffer overflow flaw in GNU Tar could result in execution of arbitrary code or a Denial of Service. Versions less than 1.23 are affected.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2010-0624
SHA-256 | 3746f20494ec74f44d0067f12fceb02ac3f5570f1a17f9920a98a8a2780ca5e7
VMware Security Advisory 2010-0013
Posted Sep 1, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory - The service console package cpio is updated to version 2.5-6.RHEL3. The service console package tar is updated to version 1.13.25-16.RHEL3. The service console packages for samba are updated to version samba-3.0.9-1.3E.17vmw, samba-client-3.0.9-1.3E.17vmw and samba-common-3.0.9-1.3E.17vmw. The service console package krb5 is updated to version 1.2.7-72. The service console package perl is updated to version 5.8.0-101.EL3.

tags | advisory, perl
advisories | CVE-2005-4268, CVE-2010-0624, CVE-2010-0624, CVE-2010-2063, CVE-2010-1321, CVE-2010-1168, CVE-2010-1447
SHA-256 | d9f282f0d9f5fec35a2bbedbc199700f42e61ad6e7d07ff47128d015784fd210
Mandriva Linux Security Advisory 2010-065
Posted Mar 23, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-065 - Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more (colon) character. The Tar package as shipped with Mandriva Linux is not affected by this vulnerability, but it was patched nonetheless in order to provide additional security to customers who recompile the package while having the rsh package installed. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2010-0624
SHA-256 | c76ad343a946323626106b13f5b4855856acd6a8f4429eacd64b5224b9fafda3
Tar / Cpio Heap Buffer Overflow
Posted Mar 10, 2010
Authored by Jakob Lell

GNU Tar and GNU Cpio suffer from a heap-based buffer overflow vulnerability. Tar versions prior to 1.23 and Cpio versions prior to 2.11 are affected.

tags | advisory, overflow
advisories | CVE-2010-0624
SHA-256 | d24150b634cab2351df08efe4449b09dfe98932abdb966b3ab00c97293fcd9c2
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close